Posted
by
Soulskill
on Tuesday November 29, 2011 @05:14PM
from the everything-is-better-with-lasers dept.

MrKevvy writes
"An Ottawa physicist is using laser light to create truly random numbers much faster than other methods do, with obvious potential benefits to cryptography: 'Sussman's Ottawa lab uses a pulse of laser light that lasts a few trillionths of a second. His team shines it at a diamond. The light goes in and comes out again, but along the way, it changes. ... It is changed because it has interacted with quantum vacuum fluctuations, the microscopic flickering of the amount of energy in a point in space. ... What happens to the light is unknown — and unknowable. Sussman's lab can measure the pulses of laser light that emerge from this mysterious transformation, and the measurements are random in a way that nothing in our ordinary surroundings is. Those measurements are his random numbers.'"

You must have been rolling in the dough back then to have 16MB ram. 8MB about broke my bank.

Well, I had a T5200 [computinghistory.org.uk] portable which had 14MB RAM (its maximum) along with a 100MB disk. It had a 20MHz 386 which had the protected-mode bug which was only supposed to affect 16MHz chips (maybe Toshiba just overclocked it) and a 387 chip, too. It also only had the lousy orange plasma VGA display, because they didn't release the color VGA LCD until a year later. Damn thing was built like a tank, and survived repeatedly being accidentally dropped onto concrete - impossible to kill the thing. It cost a few thou

You're both spoiled! I had 4Mb and only 2Mb on the card and thought I was kicking! Funny now when I have 8Gb on my netbook and the same on my desktop to think about how I spent more for a tiny couple of Mb of RAM back then than I did for my whole netbook now. I'll never forget though the first time I loaded up my Voodoo in my spanking new 133Mhz and loaded Unreal, I swear me and my friends just watched that opening demo for ages going "ooooh!". Man we were easily entertained back then.

as for TFA I never understood why getting a random number always seemed to be so hard, just take all the scores off the sports page, multiple by that last winning powerball numbers, then divide by how many pepperonis you got on your last pizza. Easy peasy!

A DX2 66 486 with 64MB RAM, two 1GB SCSI disks and a CDROM with a 4MB VRAM card. But, that was just the desktop machine. It only clocked in at about $8K (work really sprung for that one) Then there was the decked out Indigo 2. Don't recall the RAM, but the MIPS 4400 upgrade was around 8K alone, and that was small potatoes compared to the $25K 256 layer Z-buffer video card that was added in. That's right - $25K for a video card that today is probably outpaced by pretty much anything you pull out of the recycling pile. And it was the low price of $25K because we bought 2 in a bundle with the upgrades. Originally they went for $38K.

Of course, all of those prices are totally blown away by the $8K 430MB WORM drive we purchased. To truly get how expensively stupid this purchase was, you have to understand how WORM drives operate. They basically had their own controller internally that worked with the internal hardware to position the write/read head as you progressed along the spiral. The problem was, there was no segmentation of the disk, no error correction, no guide tracks, or anything else. So, the entire process was based on the head placement mechanism being in the right place at the right point of the spin to write/read the data. The problem was, these parts would wear, so a disk was good across about 250-400 read-write cycles of the drive. Read that again - the drive could only be used less than 250 times reliably between the writing of a disk and the current reading. After 250, it got dicey, after 400, you could no longer read it. Oh, and just to compare it to today's BD disks, a WORM disk at the time sold for roughly $100 a piece in lots of 100.

Actually, we do know it's not random, within a very small margin of dithering. Given any chosen universal computer (one with an extremely small definition is best), if a sequence can be printed by a program whose length is less than the sequence, the sequence is not random.

There is a small dependence on which universal machine you pick at the outset, but any two universal machines will never disagree on the length of the shortest program required by more than the shortest program by which one machine simul

If a pick a truly random number from a set that includes 9, then there is a nonzero chance that it will be nine. If I then pick another number from that same set, there is an equal nonzero chance of it being 9. If I pick N numbers from that set, then the probability of them all being 9 is X^N, where X is my nonzero chance. Any nonzero number raised to any power will still be nonzero. Therefore there is a nonzero chance that you can generate a random list of numbers and have them all be 9.

I suppose you could get extremely pedantic and say that the question is the probability of a list of 9s being random (as opposed to the probability of a random list containing all 9s), and then make the claim that there is no way to get a completely random list of numbers, but otherwise I don't see how you can ever look at a list of numbers and say with certainty that it wasn't randomly generated.

Doesn't apply; in measure theory "almost sure" means "holds except for a measurable set of measure zero". The sequence "9 9 9 9 9 9 9 9 9", even repeated infinitely, has exactly the same measure as, say, any other sequence of numbers 1-100 generated i.i.d. uniformly (roughly speaking -- the infinite sequences all have measure zero, so the statement must either be made "in the limit", or some other way).

I mean, what about a diamond in the middle attack? If you manage to replace it with well known and tweaked diamond, with known quantum effect (you see, i could use funny words too), then all the systems would be jeopardized.

Absolutely true -- if you replace the diamond with one that produces numbers following some other distribution than the original, even if it's slightly different, that could introduce a massive vulnerability for a dedicated attacker to exploit. The same holds without the attacker needing to replace anything, if he has a slightly better estimate of the distribution that the random number generator follows than the creator of the system (e.g. if the person using it thinks they're getting 0/1 with exactly 0.5

While GoogleDocs version lacks a lot of features Excel provides, it's FILTER function, and it's ability to process whole columns, as opposed to just ranges, makes certain operations so much more elegant, extensible and maintainable. While nowhere near close in a head-on, feature-for-feature comparison, there are certainly use-cases where Google's version is more useful than Excel.

"the measurements are random in a way that nothing in our ordinary surroundings is"

Nonsense. They are random in precisely the same way that a good bouncy roll of the dice are. They are random in precisely the same way that a temperature measurement of a cup full of boiling water 10 seconds after it is poured is. They are random in precisely the same way that the sound coming out of a piezoelectric microphone taped to a car window travelling at 60 MPH is. They are random in precisely the same way that the noise of a reverse-biased silicon junction is.

Perhaps the author meant to say "the measurements are random in a way that no pseudorandom number generator algorithm is."

"the measurements are random in a way that nothing in our ordinary surroundings is"

Nonsense. They are random in precisely the same way that a good bouncy roll of the dice are.

No. The bouncy dice are describable by classical physics. Our inability to predict is based upon our imprecise understanding of the path of the dice, their rotation, air density and movement, the geometry of the area landing in and bouncing about in, the understanding of the materials of the dice and objects it is bouncing against, etc.

In contrast this new method utilizes effects of quantum physics. That is inherently far less measurable and predictable.

If bouncy things were not competitive as a source of random information, then someone would be able to predict lottery powerball drawings, which are indeed governed by bouncy balls.

You have the GP's assertion wrong. He claimed that events describable by classical physics are just as random as quantum events. That is inherently false. Classical events are a practical source of randomness because of our insufficient description of the parameters of the event. That is quite different than quantum events where the parameters are inherently imprecise. With a sufficiently good description of the geometry of the cage, its rotation, the balls, etc would could predict powerball drawings.

The newspaper article is not giving any information that is not already included in the summary.

The paper is published in Optics Express, the abstract can be read here [opticsinfobase.org]. The full article is behind a paywall unfortunately. The author claim that this concept could deliver random numbers at a rate of 100 GHz which is quite fast compared to other true random number generators out there that are based on thermal noise, radiation or other processes.

A while back, the Simtec Entropy Key [entropykey.co.uk] was making the rounds among Debian Devs, and claims to be exploiting quantum effects in the P-N junctions to be a true RNG.

They seem serious and I tend to trust paranoid Debian developers' opinions [entropykey.co.uk], but ultimately I don't have enough knowledge myself to make a confident judgment call. I'd be curious about more opinions.

You can also use resistor noise [wikipedia.org], a good amplifier, and an ADC to make moderately high bandwidth true quantum RNG. I priced out a simple design with a microcontroller on a USB key footprint; looked like $50-100 in prototype quantities, less in large quantities, for 10 KB/s output (or so). Getting the entropy is looked like the easy part; it then needed a fair bit of CPU power (by microcontroller standards) to hash that into usable bits.

You can also (with a lot more software work, and low bitrates) use the resistor noise present in audio input channels to good effect. Turbid [av8n.com] is a project that does just that. Note that when evaluating such projects, the hard part is not getting the numbers, but proving that they have enough entropy, and that they've been properly processed to preserve it. Turbid does an excellent job on this important documentation step.

claims to be exploiting quantum effects in the P-N junctions to be a true RNG

Thats a wee bit of the wordy mumbo jumbo, like talking about the "maxwellian equation emitter controlled by polarization rotation human interface unit" I'm using to read this, instead of calling it a freaking monitor. Just call it a zener diode and be done with it. The Zener story is bizarre and this doesn't help. Clarence M. Zener came up with the theory for his diodes in the 30s, although they couldn't be built until the 50s when they thought it would be cool to name the diode after him, or maybe his physics equation, or both. Strange but true fact is that a "zener" diode operating below 5 volts uses the actual physics Zener effect and a "zener" diode operating above 5 volts uses the physics avalanche effect, which the Entropy Key claims to use.

Note that USB does not provide more than 5 volts and a reasonable current limiter means its gonna be operating well into zener-land.

So, A dude named Zener, invented Zener physics, leading to the theory of zener diodes, then someone else built one 20 years later and named it after him, and the key markets itself as using the closely related avalanche effect, but because only 5 volts is available without some sort of voltage multiplier or boost switching regulator, its probably actually using the low voltage Zener effect, regardless of the effect, devices using avalanche or zener effect are always marketed as zener diodes commercially, so I'm sure there is a Zener on the board. Which doesn't matter in the end, because zener noise is just as good as avalanche noise for crypto, as far as I know. In fact zener is probably better, less temperature dependence. Talk about abuse of proper nouns and trademarks... kinda like my Xerox machine at home was manufactured by Brother.

This stuff is all from memory, I hope I didn't swap Zener and Avalanche effects, although either way its still a heck of a story.

Thanks for posting about the Simtec Entropy Key. At only $56 (Qty 1) for a FIPS-140-2 Level 3 compliance type device based on quantum tunnels is pretty amazing. Just the buzz words, are worth that for any system advertised as secure.

I agree that the numbers are random, in the sense that they're subject to chance, but how confident are they that they know the sampling distribution? That is, can you use this method to generate a random sample a with uniform distribution, or a gamma distribution, or anything else you'd like to use random numbers for?

With quantum observation errors, I wonder if they're assuming the sampling distribution is normal, in which case they'd have to do some work to convert it to give the kind of output that rand

The full paper (link by "Vario" above) seems to indicate that they get random bits, i.e. coin tosses, and claim that they can get a uniform distribution (i.e. 0.5). They also say that "Any possible bias in the phase measurement is removed by post-processing using a fair bit extractor algorithm", citing two papers* (i.e. that though their measurements could lead to a slightly different distribution, they can correct for that). I'm not familiar with the technique, but I guess it's well established. They also show results and say that they did something called the "DIEHARD statistical test suite" (which is apparently a set of tests designed exactly for this problem, i.e. random number generation), and "confirm[ed] that the measured optical phase is a suitable source of random numbers", though I'll have to take them at their word because I'm not familiar with the theory behind this.

'Sussman's Ottawa lab uses a pulse of laser light that lasts a few trillionths of a second. His team shines it at a diamond. The light goes in and comes out again, but along the way, it changes.... It is changed because it has interacted with quantum vacuum fluctuations, the microscopic flickering of the amount of energy in a point in space.... What happens to the light is unknown — and unknowable.

Sounds very much like xray crystallography which discovers all kinds of interesting things about the crystalline matrix.

Would be hilarious if they discover via non-random results there is, after all, some inherent crystaline like order to the quantum vacuum. Or even funnier if they knew it all along, and some TLA agency paid them to try and pass it off as random, cloaked in a lot of new age zero point energy stuff.

When it comes to true random devices, I've coded some micro-controllers to add random numbers based on key-presses from humans, picture someone pressing the button when a 24 mhz timer runs mad, no human that I know of - can repeat press the button so accurately that it hits the same number at a 0.00001th of a second more or less.

When no human interaction is required, I use an insanely accurate temperature sensor, no temperature, not even placed in a professional fridge with 0.01c accuracy can get the same r

The Commodore 64 could produce random numbers by sampling the white noise generator in the SID audio chip. They probably weren't as random as shining a laser through the diamond but I wonder if the difference is enough to matter...

Big advantages of this is that it requires no outside information source, inexpensive and could be miniaturized to fit on an extension card. Then we all could put a random card next to our graphics card in our machines.

"The Higgs field is also thought to make a small contribution, giving mass to individual quarks as well as to electrons and some other particles. The Higgs field creates mass out of the quantum vacuum too, in the form of vir

conservation of information would say that if we could measure and analyze your subconscious, your experiences, your neural connections to a high enough degree that we could uncover the reasoning for your random number picks, and probably even predict the next "random" numbers you come up with.

Incorrectly applying the conservation of information. What you are saying wouldn't work and would violate the Heisenberg uncertainty principle. What would happen is as you did the measurements to that degree you would lose information on the motion of the particles involved as you gained the new information on the position hence the conservation of information. The uncertainty of the choices would still exist and you'd most likely get two different results if his choice had any quantum affects involved.

Just because we can't know a position and vector of a particle now doesn't mean we won't ever be able to.

Yes it does. The Heisenburg uncertainty principle is not a limitation of technology. It's a law of the universe. It's like saying "just because gravity exists today doesn't mean it will exist sometime in the future."

Of course they can. Here: 7, 3. I've just given you two *totally* random numbers.

Nope. And I can prove it. Both of your numbers were between 0 and 9, inclusive. Counting only integers that makes ten possibilities. Now, between 10 and 999, inclusive, there are nine hundred ninety possibilities. Since random numbers are equally likely that means that it is ninety-nine times more likely for a random number to be between 10 and 999, inclusive, than it is for them to be between 0 and 9, inclusive. Successive probabilities multiply, so the likelihood that two numbers chosen at random will be between 10 and 999 inclusive are 8991 times more likely than that they will be between 0 and 9, inclusive. The only reasonable conclusion is that 7 and 3 are not random numbers.

~Loyal

p.s. I think if you search the literature you'll find that 3 is, in fact, a random number. Therefore you problem lies with the 7.

Wow, for one integer to be picked is infinitely rare, but two?!?! And both positive primes near zero... Wait a tic... those have all the markings of a psychologically random number! Sadly, it's impossible to say that's how they were selected, as they're just as likely to occur as anything else from a uniformly distributed random number generator over all possible numbers. Only Laplace's demon knows for sure...

Well, there are things about the universe for which we have no explanation other than 'it's random'. Stuff where the internal state, if any, is hidden from us in pretty fundamental ways. If your opponent has to surround your laser experiment with a jupiter scale atom smasher in order to determine what you're going to get, that's pretty securely random.

That's the point though--just because we don't have an explanation doesn't make it random--it may be apparently random, but that irks me in the same way that people drop off the "known-" or "observable-" in front of "universe".

Also "securely random" implies an application for which these "apparently random" numbers are "good enough"...

That was what Einstein thought. So he set up a thought experiment to prove that quantum was only apparently random, called the Einstein-Rosen-Podolsky paradox. Turned out, after Aspect ran the experiment, that Einstein was wrong. Reality was more random than he thought. It still might be the case that there's an order behind the quantum randomness, but that's currently more an article of faith than scientific insight.

Okay, fair enough. Is there any basis for this belief other than that you like it to be the case that the universe is deterministic? I sometimes like the universe to be a lollypop. It seldomly is. I'm saying this just to be an ass I guess, but still: why would this belief of yours be valuable, if it is backed by fact nor theory? Many people like to believe that a supreme being exists that wants to be friends with them. Is your belief in that category, or is there more to it?

As a card-carrying atheist I don't believe in a space-genie either. When things one generally holds to be true are not currently provable with the knowledge one (we as humanity) has, that does not make them invalid nor meaningless. Nor does it require a space-genie. One is free to hold beliefs, and even to actively pursue their validation or invalidation. Einstein did this, in this very realm we are discussing. As I posted in another part of this thread, science has frequently believed "this is as deep as it goes!" only to be proven incorrect later on. I for one am not arrogant enough to believe that there cannot be some underlying deterministic cause for the phenomena we currently recognize as "random". And I would not respect the scientist who holds otherwise--but I would respect the scientist that believes there can exist phenomena without underlying deterministic cause.

But Einstein proposed a way to test it and he was proven wrong with the EPR paradox. To Einstein and Scientists Data is King, and it would be interesting to know what Einstein would have said after the test was done. What you are proposing isn't like Einstein at all and is more like the Space-Genie hypothesis. Science also doesn't believe that "this is as deep as it goes!" otherwise why put any effort into the LHC, Opera, Fermi Lab, or the numerous other labs trying to go deeper? Every Scientist knows t

I think it's an interesting discussion, determinism. It seems to underlie most of western physics, up to the point when quantum mechanics came to the scene. We're still recovering from that. My question is really about the underlying motivation for the belief. Is it philosophical? Is it because of some sense of mathematical elegance? Is it literate? I am for instance fine with randomness: at the moment our understanding is that the universe is random, but still causal. 100 years ago, we thought it was fully

The term "random" is generally (even in science, from what I know of it) taken to refer to things which we are not able to predict, even theoretically. We do not, however, know for sure if the system is non-deterministic (that is, truly random) or only apparently so.

Again, not a quantum physicist. But I believe that is the general state of affairs. See Wikipedia [wikipedia.org] for more.

While there are other random number generators, by far and away the most common "random number generator" is the Linear congruential generator [wikipedia.org].... the typical one that is used for most video games due to the fact that it can be configured using only integer-based arithmetic operations (no need for floating point overhead). That makes the generator extremely fast, but unfortunately predictable. Sadly, lousy constants are usually picked with many operating system vendors or compiler writers which make this

Random number generation is used in applied cryptography. That's the application for which it is useful to have a source of random numbers that can't be guessed by a sufficiently well funded opponent. In this case, it might be literally impossible for any opponent to be well-funded enough to defeat this.

Not really, the universe may indeed possess truly inherently random phenomena -- my *belief* may be wrong--that is why it is a "belief"... However, we have words for many concepts that provably do not exist, yet the words still have value...

I love that in a scientist: he basically said "It doesn't fit my frame of reference, so my gut tells me it couldn't be right." But he published it anyways because the theory was sound. A bit like the FTL neutrino's: "It must be wrong but we can't find the fault. Can anyone repeat our measurements". Not hiding it because the data doesn't fit what they expected, but checking it (1500 times if I am correct) and publishing it if the results remain the same. With the caveat "It must be incorrect, but we can't f

You can believe what you want, but it doesn't change the way the Universe works. Sure, we may find out that the roots of uncertainty lie only in our ignorance, but it does not seem likely that that is the case. I mean, Einstein spent a good chunk of his life trying to prove your hypothesis, as he did not like the idea of uncertainty and randomness, but he only ended up massively proving quantum mechanics.

We don't have a complete and total understanding of the Universe, but that doesn't make fairies any more likely to be real. More importantly, I think that the burden of proof ought to be on those that are making a claim contrary to our current understanding; you need to prove that there is an underlying order to the Universe. Right now, that doesn't seem to be the case. I would absolutely be open to evidence that suggests that our current understanding is mistaken, but until we see it, it is just empty spec

Really? No randomness? What if the universe conspired to make it completely impossible for us mere mortals to ever predict a number? This is what quantum physics tells us is happening.

As an example of an impossible to predict situation the universe made two copies of itself at a point where you choose a direction to turn (a simplification of the many-worlds hypothesis). One copy is where you make the decision to turn left and one where you make a decision to turn right. Just before the copy was made how wou

Reality?
You doubt the existence of random numbers and your own reality? I would understand doubting one or the other but believing in determinism is the path to believing in an underlying reality. Uncertainty and randomness are the basis of doubting that an absolute underlying reality exists.
Are you trying to have your cake and eat it too?